A Belgian security researcher has discovered a vulnerability on the website of Vatican News — the official news publication of the Holy See — that could allow anyone to publish their own fake news.

The vulnerability was discovered by independent researcher Inti De Ceukelaire. Proving his work, he tweeted a picture of Vatican News falsely stating that Pope Francis had declared God to be an onion.

De Ceukelaire (who we’ve previously profiled) has been behind some high profile discoveries. In September, he disclosed ways to access corporate messaging apps like Slack and Yammer by exploiting publicly-accessible help-desks and bug trackers.

Last February, De Ceukelaire earned notoriety after he redirected several links in Donald Trump’s old tweets to content that would otherwise be embarrassing for the now-occupant of 1600 Pennsylvania Avenue. He did this by identifying websites Trump had tweeted out whose domain names had been allowed to expire. He then re-registered them under his own name.

Keeping with the Trump theme, he used publicly accessible online information to find the contact details of Melania Trump. He used this to invite FLOTUS to his home town.

In the case of Vatican News, De Ceukelaire encountered an unpatched cross site scripting (XSS) vulnerability, and exploited it to inject the blatantly fake news.

NATO is working on a “special doctrine” for cyber operations and taking steps to help member states bolster their cyber defenses, an official said Monday.

Merle Maigre, who directs a NATO-affiliated cyber center headquartered in Tallin, Estonia, outlined the alliance’s multi-pronged efforts on cybersecurity during an appearance at the Center for Strategic and International Studies in Washington, D.C.

“NATO is currently on its way to come to a better understanding and develop its thinking [of] how cyber defense is better reflected in both policy planning and military planning,” Maigre said. “NATO is developing a special doctrine for cyber operations. NATO’s center in Tallinn is the custodian for the doctrine.”

The alliance is also looking to provide better training for member states in cybersecurity, she said, which the Cooperative Cyber Defence Centre of Excellence in Tallinn is helping support.

Maigre added that the alliance is also focused on building “resilience” among member states so they can better protect their systems.

“Where NATO is currently going is helping the allies to build resilience, providing a framework for member states to have a better understanding of … their critical information protection, how these systems are being developed and who is responsible for that,” Maigre explained.

NATO has been increasingly focused on cybersecurity as threats have compounded in recent years. At the Warsaw summit last year, alliance members recognized cyberspace as a domain of operations. The alliance also recognizes cyber defense as a core part of its collective defense efforts.

NATO Secretary-General Jens Stoltenberg has also said that a cyberattack could trigger the Article 5 principle of collective defense, which declares an attack on one ally is an attack on all.

Maigre was asked Monday what cyber incidents, in particular, could trigger Article 5. Maigre did not offer up a specific example, instead stressing, “there’s nothing automatic about Article 5.”

“Article 5 requires North Atlantic Council, be it at the level of ambassadors, ministers or head of states and governments, to gather and make a decision, and that applies also to any country bombing other country,” Maigre said.

“It needs to be a consensus-based decision,” she later added. “No one can be against it.”

Tanel Sepp, a cyber official at Estonia’s defense ministry, explained that an invocation of Article 5 would depend on the type of cyberattack. The principle has been invoked only one time, following the Sept. 11 terrorist attacks against the United States.

“It is always and will always be a question of effects,” Sepp said. “What kind of attack are we talking about and what is impacted.”

The event in Washington reflected on a series of cyberattacks that hit Estonia in 2007 which authorities have pinned on Russia.

To Purchase This Product/Services, Go To The Store Link Above Or Go To http://www.become007.com/store/ Catherine Lhamon, the civil rights chief in Obama’s Education Department, says she’s worried about how the Trump administration approaches investigations and enforcement in some areas. View full post on Education Week: Bullying #pso #htcs #b4inc Read…

It’s finally here! If you’re excited about the upcoming Online Arts Integration and STEAM conference, you’re in good company. We already have over 1,100 registrants for this summer’s event. To help you plan out your […]

Your ads will be inserted here byEasy Plugin for AdSense.Please go to the plugin admin page toPaste your ad code OR Suppress this ad slot. TOKYO – The Japanese government is planning to form a new agency within fiscal 2017 that will lead and coordinate efforts to develop countermeasures against cyber-attacks that could physically damage […]
View full post on AmIHackerProof.com | Can You Be Hacked?

A Healdsburg school official who became embroiled in a computer hacking investigation with her husband avoided prosecution in an agreement with state prosecutors that she resign from her job, authorities said Thursday. Kestrel Davis Montes was the Healdsburg Unified School District’s director of student services when she and her husband, Francisco Montes, were the focus […] View full post on AmIHackerProof.com | Can You Be Hacked?

Your ads will be inserted here byEasy Plugin for AdSense.Please go to the plugin admin page toPaste your ad code OR Suppress this ad slot. The Shoura Council has announced a system to protect websites from being hacked into and online information stolen will be put in place soon. The deputy head of the council’s […] View full post on AmIHackerProof.com | Can You Be Hacked?